Connection not secure - was working a few weeks ago


#1

I have my own website on my own VPS. I wanted to work on it a bit, but I just saw that I can no longer connect to gilfelot.com.
I tried to renew the cert, but everything is OK. I haven’t touched my nginx config since, so I have no clue where to look to solve this issue.
I can ssh/ping my server and I can even see it when I try the Pingdom tool to score my website.

Thanks.


#2

Are you trying to connect to it over IPv6 by any chance?

IPv4 is working fine but IPv6 just blows up.

    $ curl -i -6 https://gilfelot.com
    curl: (35) Encountered end of file

IOW, your IPv6 setup for that domain is not working.


#3

Yes, you’re right, I just checked myself. I totally forgot to test this.

I don’t know what’s wrong because I have set up my nginx to accept IPv6.

    server {
        listen           80;
        listen           [::]:80;
        server_name      www.gilfelot.com gilfelot.com;
        return           301 https://gilfelot.com$request_uri;
    }

    server {
        listen           443;
        listen           [::]:443;
        server_name      www.gilfelot.com;
        return           301 https://gilfelot.com$request_uri;
    }

    server {
        root /var/www/html;

        listen     443 ssl http2;
        listen     [::]:443 ssl http2;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name gilfelot.com;

        location / {
            try_files $uri $uri/ =404;
        }

        ssl_certificate /etc/letsencrypt/live/gilfelot.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/gilfelot.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        if ($scheme != "https") {
            return 301 https://$host$request_uri;
        } # managed by Certbot
    }

Also UFW is correct.

    To                         Action      From
    --                         ------      ----
    Nginx Full                 ALLOW       Anywhere
    OpenSSH                    ALLOW       Anywhere
    Nginx Full (v6)            ALLOW       Anywhere (v6)
    OpenSSH (v6)               ALLOW       Anywhere (v6)

#4

Doesn’t this need the ssl directives too? I guess maybe it’s taking precedence and causing nginx to serve http rather than https on port 443 over ipv6? (not sure why it would behave differently on ipv4 though)


#5

I may have left this typo, yeah. I added ssl http2 to the 2 mentioned lines but it doesn’t seem to solve the issue.


#6

It needs, at minimum, a certificate and key. (ssl_certificate and ssl_certificate_key.) Or else Nginx will malfunction.


#7

I feel so dumb now… It was simply that… but since Certbot adds an automatic redirection I don’t even need this part.
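
A static check for the condition the replies in #4 and #6 point at: a server block that listens on 443 without the `ssl` flag, or without `ssl_certificate` and `ssl_certificate_key`. This is an added example, not part of the original thread; `server_blocks`, `lint_tls` and the trimmed `SAMPLE` are constructed for illustration, and the parser is a simplification that assumes no braces inside quoted strings.

```python
import re

# Constructed sample: the two port-443 server blocks from post #3, trimmed to
# the directives that matter for this check.
SAMPLE = """
server {
    listen 443;
    listen [::]:443;
    server_name www.gilfelot.com;
    return 301 https://gilfelot.com$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name gilfelot.com;
    ssl_certificate /etc/letsencrypt/live/gilfelot.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/gilfelot.com/privkey.pem;
    if ($scheme != "https") { return 301 https://$host$request_uri; } # managed by Certbot
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, using brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments before counting braces
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def lint_tls(conf, port="443"):
    """Return (server_name, problem) pairs for blocks that listen on `port`."""
    findings = []
    for body in server_blocks(conf):
        listens = [l.split() for l in re.findall(r"^\s*listen\s+([^;]+);", body, re.M)]
        on_port = [a for a in listens if re.fullmatch(r"(.*:)?" + port, a[0])]
        if not on_port:
            continue  # block does not listen on the TLS port, nothing to check
        m = re.search(r"^\s*server_name\s+(\S+?)[\s;]", body, re.M)
        name = m.group(1) if m else "(unnamed)"
        findings += [(name, f"listen {a[0]} has no ssl flag")
                     for a in on_port if "ssl" not in a[1:]]
        findings += [(name, f"missing {d}")
                     for d in ("ssl_certificate", "ssl_certificate_key")
                     if not re.search(r"^\s*" + d + r"\s+\S", body, re.M)]
    return findings
```

Calling `lint_tls(SAMPLE)` reports four problems, all on the `www.gilfelot.com` block; adding `ssl http2` to its `listen` lines, as tried in #5, still leaves the two missing-certificate findings.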

